What is a sandbox?


A sandbox in computer security is a security mechanism for isolating a running program.

It is usually used to keep system failures and software vulnerabilities from spreading beyond the isolated program.

A sandbox has two main uses:

  • An environment for testing and inspecting untested programs that may contain viruses or other malicious code, without harming the host device (a security sandbox)
  • A virtual environment for executing untrusted third-party program code without affecting the host device (as with smartphone apps, for example)

Sandboxing allows software to be run in a restricted OS environment that controls the resources (files, memory, file system space, etc.) available to the process.

Example implementation

The following are examples of sandbox implementations.

Linux application sandboxes: built on seccomp, cgroups, and Linux namespaces. These mechanisms are used by systemd, Google Chrome, Firefox, and Firejail, among others.

Android: the first mainstream OS to implement full application sandboxing, built by assigning each application its own Linux user ID.

Apple App Sandbox: required for apps distributed through Apple’s Mac App Store and the iOS/iPadOS App Store, and recommended for all other signed apps.

Jail: restricts a process’s network access and its file system namespace. Jails are most commonly used on virtual hosts.

Virtual machine: emulates a complete host computer on which a conventional OS can be booted and run as if it were real hardware. The guest OS is sandboxed in the sense that it can only access the host’s resources through the emulator.

Sandboxing on native hosts: security researchers make heavy use of sandboxing techniques to analyze the behavior of malware. By building an environment that mimics or replicates the target desktop, researchers evaluate how the malware infects and compromises the target host. Many malware analysis services use sandbox technology.

Google Native Client: a sandbox for efficient and secure execution of compiled C and C++ code in the browser, independent of the user’s operating system.

Secure Computing Mode (seccomp): a sandbox built into the Linux kernel. In strict mode, seccomp allows a process to make only the write(), read(), exit(), and sigreturn() system calls; any other system call terminates the process.
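The following is an added example, not code from this glossary page or from any of the projects named above. It shows the seccomp idea in working form on Linux (x86_64 or aarch64): a parent process forks a child, the child installs a seccomp allow list, and the parent observes what happens when the child stays within the list versus when it makes a forbidden system call. Strict mode’s allow list is hard-coded by the kernel and cannot be entered by a process that already runs under a seccomp filter (which is the case inside most containers), so the example reproduces that allow list, plus exit_group so the C library can exit cleanly, as a BPF filter in seccomp filter mode; that is the mechanism the systemd, Chrome, Firefox and Firejail sandboxes use. The function and result names are chosen for this example.

```c
/* Added example (not from the glossary page): a minimal seccomp sandbox.
 * Strict mode's allow list (read, write, exit, sigreturn) is reproduced as a
 * BPF filter in SECCOMP_MODE_FILTER, with exit_group added so _exit() works.
 * The child is sandboxed; the parent stays outside and reports the outcome.
 */
#define _GNU_SOURCE
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U /* older headers: same value as SECCOMP_RET_KILL */
#endif

#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

enum sandbox_result {
    SANDBOX_EXITED_CLEANLY = 1, /* child stayed within the allow list */
    SANDBOX_KILLED         = 2, /* child made a forbidden syscall and was killed (SIGSYS) */
    SANDBOX_UNAVAILABLE    = 3, /* the kernel or container refused to install the filter */
    SANDBOX_ERROR          = 4  /* fork/wait failure or an unexpected exit status */
};

/* Install the allow list. Any other syscall, or a syscall made through a
 * foreign architecture ABI, kills the process. Returns 0 on success, -1 if
 * the kernel refused (e.g. seccomp disabled or blocked by an outer filter). */
static int install_seccomp_allowlist(void)
{
    struct sock_filter filter[] = {
        /* 0-2: kill if the syscall comes from another ABI (e.g. 32-bit on x86_64) */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* 3-8: load the syscall number; each match jumps to the ALLOW at index 9 */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_read,         4, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_write,        3, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit,         2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group,   1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_rt_sigreturn, 0, 1),
        /* 9: allowed */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        /* 10: everything else */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };
    /* Unprivileged processes must give up privilege escalation (setuid etc.) first */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Run a sandboxed child. With attempt_forbidden_syscall set, the child calls
 * getpid() after the filter is in place, which the allow list does not permit. */
enum sandbox_result run_sandboxed(int attempt_forbidden_syscall)
{
    pid_t pid = fork();
    if (pid < 0)
        return SANDBOX_ERROR;
    if (pid == 0) {
        if (install_seccomp_allowlist() != 0)
            _exit(42);                               /* report "unavailable" to the parent */
        static const char msg[] = "child: running inside the seccomp sandbox\n";
        ssize_t n = write(STDOUT_FILENO, msg, sizeof(msg) - 1); /* write: allowed */
        (void)n;
        if (attempt_forbidden_syscall)
            syscall(SYS_getpid);                     /* not allowed: the kernel kills the child here */
        _exit(0);                                    /* exit_group: allowed */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return SANDBOX_ERROR;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS)
        return SANDBOX_KILLED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return SANDBOX_EXITED_CLEANLY;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 42)
        return SANDBOX_UNAVAILABLE;
    return SANDBOX_ERROR;
}

int main(void)
{
    printf("well-behaved child: result %d\n", run_sandboxed(0));
    printf("misbehaving child:  result %d\n", run_sandboxed(1));
    return 0;
}
```

The filter checks the architecture field before the syscall number because syscall numbers differ between ABIs; without that check a process on x86_64 could reach a different syscall table through the 32-bit entry point. The child avoids printf after the filter is installed, since stdio may issue extra system calls on first use that are not in the allow list.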
